!486 Backport CVEs and bugfixes

}

static unsigned long __part_start_io_acct(struct hd_struct *part,

					  unsigned int sectors, unsigned int op)

					  unsigned int sectors, unsigned int op,

					  bool precise)

{

	const int sgrp = op_stat_group(op);

	unsigned long now = READ_ONCE(jiffies);

	part_stat_lock();

	update_io_ticks(part, now, false);

	if (!precise) {

		part_stat_inc(part, ios[sgrp]);

		part_stat_add(part, sectors[sgrp], sectors);

	}

	part_stat_local_inc(part, in_flight[op_is_write(op)]);

	part_stat_unlock();

{

	*part = disk_map_sector_rcu(disk, bio->bi_iter.bi_sector);

	return __part_start_io_acct(*part, bio_sectors(bio), bio_op(bio));

	return __part_start_io_acct(*part, bio_sectors(bio), bio_op(bio),

				    false);

}

EXPORT_SYMBOL_GPL(part_start_io_acct);

unsigned long disk_start_io_acct(struct gendisk *disk, unsigned int sectors,

				 unsigned int op)

{

	return __part_start_io_acct(&disk->part0, sectors, op);

	return __part_start_io_acct(&disk->part0, sectors, op, false);

}

EXPORT_SYMBOL(disk_start_io_acct);

static void __part_end_io_acct(struct hd_struct *part, unsigned int op,

			       unsigned long start_time)

static void __part_end_io_acct(struct hd_struct *part, unsigned int sectors,

			       unsigned int op, unsigned long start_time,

			       bool precise)

{

	const int sgrp = op_stat_group(op);

	unsigned long now = READ_ONCE(jiffies);

	part_stat_lock();

	update_io_ticks(part, now, true);

	if (precise) {

		part_stat_inc(part, ios[sgrp]);

		part_stat_add(part, sectors[sgrp], sectors);

	}

	part_stat_add(part, nsecs[sgrp], jiffies_to_nsecs(duration));

	part_stat_local_dec(part, in_flight[op_is_write(op)]);

	part_stat_unlock();

void part_end_io_acct(struct hd_struct *part, struct bio *bio,

		      unsigned long start_time)

{

	__part_end_io_acct(part, bio_op(bio), start_time);

	__part_end_io_acct(part, 0, bio_op(bio), start_time, false);

	hd_struct_put(part);

}

EXPORT_SYMBOL_GPL(part_end_io_acct);

void disk_end_io_acct(struct gendisk *disk, unsigned int op,

		      unsigned long start_time)

{

	__part_end_io_acct(&disk->part0, op, start_time);

	__part_end_io_acct(&disk->part0, 0, op, start_time, false);

}

EXPORT_SYMBOL(disk_end_io_acct);

unsigned long part_start_precise_io_acct(struct gendisk *disk,

					 struct hd_struct **part,

					 struct bio *bio)

{

	*part = disk_map_sector_rcu(disk, bio->bi_iter.bi_sector);

	return __part_start_io_acct(*part, 0, bio_op(bio), true);

}

EXPORT_SYMBOL_GPL(part_start_precise_io_acct);

unsigned long disk_start_precise_io_acct(struct gendisk *disk, unsigned int op)

{

	return __part_start_io_acct(&disk->part0, 0, op, true);

}

EXPORT_SYMBOL(disk_start_precise_io_acct);

void part_end_precise_io_acct(struct hd_struct *part, struct bio *bio,

			      unsigned long start_time)

{

	__part_end_io_acct(part, bio_sectors(bio), bio_op(bio), start_time,

			   true);

	hd_struct_put(part);

}

EXPORT_SYMBOL_GPL(part_end_precise_io_acct);

void disk_end_precise_io_acct(struct gendisk *disk, unsigned int sectors,

			      unsigned int op, unsigned long start_time)

{

	__part_end_io_acct(&disk->part0, sectors, op, start_time, true);

}

EXPORT_SYMBOL(disk_end_precise_io_acct);

/*

 * Steal bios from a request and add them to a bio list.

 * The request must not have been partially completed before.

		bio->bi_status = BLK_STS_IOERR;

	if (blk_queue_io_stat(bio->bi_disk->queue))

		bio_end_io_acct(bio, r1_bio->start_time);

		bio_end_precise_io_acct(bio, r1_bio->start_time);

	bio_endio(bio);

}

	r1_bio->read_disk = rdisk;

	if (!r1bio_existed && blk_queue_io_stat(bio->bi_disk->queue))

		r1_bio->start_time = bio_start_io_acct(bio);

		r1_bio->start_time = bio_start_precise_io_acct(bio);

	read_bio = bio_clone_fast(bio, gfp, &mddev->bio_set);

	}

	if (blk_queue_io_stat(bio->bi_disk->queue))

		r1_bio->start_time = bio_start_io_acct(bio);

		r1_bio->start_time = bio_start_precise_io_acct(bio);

	atomic_set(&r1_bio->remaining, 1);

	atomic_set(&r1_bio->behind_remaining, 0);

		bio->bi_status = BLK_STS_IOERR;

	if (blk_queue_io_stat(bio->bi_disk->queue))

		bio_end_io_acct(bio, r10_bio->start_time);

		bio_end_precise_io_acct(bio, r10_bio->start_time);

	bio_endio(bio);

	/*

	 * Wake up any possible resync thread that waits for the device

	slot = r10_bio->read_slot;

	if (!handle_error && blk_queue_io_stat(bio->bi_disk->queue))

		r10_bio->start_time = bio_start_io_acct(bio);

		r10_bio->start_time = bio_start_precise_io_acct(bio);

	read_bio = bio_clone_fast(bio, gfp, &mddev->bio_set);

	r10_bio->devs[slot].bio = read_bio;

	}

	if (blk_queue_io_stat(bio->bi_disk->queue))

		r10_bio->start_time = bio_start_io_acct(bio);

		r10_bio->start_time = bio_start_precise_io_acct(bio);

	atomic_set(&r10_bio->remaining, 1);

	md_bitmap_startwrite(mddev->bitmap, r10_bio->sector, r10_bio->sectors, 0);

	return nc*fc;

}

static void raid10_free_conf(struct r10conf *conf)

{

	if (!conf)

		return;

	mempool_exit(&conf->r10bio_pool);

	kfree(conf->mirrors);

	kfree(conf->mirrors_old);

	kfree(conf->mirrors_new);

	safe_put_page(conf->tmppage);

	bioset_exit(&conf->bio_split);

	kfree(conf);

}

static struct r10conf *setup_conf(struct mddev *mddev)

{

	struct r10conf *conf = NULL;

	return conf;

 out:

	if (conf) {

		mempool_exit(&conf->r10bio_pool);

		kfree(conf->mirrors);

		safe_put_page(conf->tmppage);

		bioset_exit(&conf->bio_split);

		kfree(conf);

	}

	raid10_free_conf(conf);

	return ERR_PTR(err);

}

out_free_conf:

	md_unregister_thread(&mddev->thread);

	mempool_exit(&conf->r10bio_pool);

	safe_put_page(conf->tmppage);

	kfree(conf->mirrors);

	kfree(conf);

	raid10_free_conf(conf);

	mddev->private = NULL;

out:

	return -EIO;

static void raid10_free(struct mddev *mddev, void *priv)

{

	struct r10conf *conf = priv;

	mempool_exit(&conf->r10bio_pool);

	safe_put_page(conf->tmppage);

	kfree(conf->mirrors);

	kfree(conf->mirrors_old);

	kfree(conf->mirrors_new);

	bioset_exit(&conf->bio_split);

	kfree(conf);

	raid10_free_conf(priv);

}

static void raid10_quiesce(struct mddev *mddev, int quiesce)

				       enum iscsi_host_param param, char *buf)

{

	struct iscsi_sw_tcp_host *tcp_sw_host = iscsi_host_priv(shost);

	struct iscsi_session *session = tcp_sw_host->session;

	struct iscsi_session *session;

	struct iscsi_conn *conn;

	struct iscsi_tcp_conn *tcp_conn;

	struct iscsi_sw_tcp_conn *tcp_sw_conn;

	switch (param) {

	case ISCSI_HOST_PARAM_IPADDRESS:

		session = tcp_sw_host->session;

		if (!session)

			return -ENOTCONN;

	if (!cls_session)

		goto remove_host;

	session = cls_session->dd_data;

	tcp_sw_host = iscsi_host_priv(shost);

	tcp_sw_host->session = session;

	if (iscsi_tcp_r2tpool_alloc(session))

		goto remove_session;

	/* We are now fully setup so expose the session to sysfs. */

	tcp_sw_host = iscsi_host_priv(shost);

	tcp_sw_host->session = session;

	return cls_session;

remove_session:

	if (WARN_ON_ONCE(session->leadconn))

		return;

	iscsi_session_remove(cls_session);

	/*

	 * Our get_host_param needs to access the session, so remove the

	 * host from sysfs before freeing the session to make sure userspace

	 * is no longer accessing the callout.

	 */

	iscsi_host_remove(shost);

	iscsi_tcp_r2tpool_free(cls_session->dd_data);

	iscsi_session_teardown(cls_session);

	iscsi_host_remove(shost);

	iscsi_session_free(cls_session);

	iscsi_host_free(shost);

}

}

EXPORT_SYMBOL_GPL(iscsi_session_setup);

/*

 * issi_session_remove - Remove session from iSCSI class.

 */

void iscsi_session_remove(struct iscsi_cls_session *cls_session)

{

	struct iscsi_session *session = cls_session->dd_data;

	struct Scsi_Host *shost = session->host;

	iscsi_remove_session(cls_session);

	/*

	 * host removal only has to wait for its children to be removed from

	 * sysfs, and iscsi_tcp needs to do iscsi_host_remove before freeing

	 * the session, so drop the session count here.

	 */

	iscsi_host_dec_session_cnt(shost);

}

EXPORT_SYMBOL_GPL(iscsi_session_remove);

/**

 * iscsi_session_teardown - destroy session, host, and cls_session

 * iscsi_session_free - Free iscsi session and it's resources

 * @cls_session: iscsi session

 */

void iscsi_session_teardown(struct iscsi_cls_session *cls_session)

void iscsi_session_free(struct iscsi_cls_session *cls_session)

{

	struct iscsi_session *session = cls_session->dd_data;

	struct module *owner = cls_session->transport->owner;

	struct Scsi_Host *shost = session->host;

	iscsi_pool_free(&session->cmdpool);

	iscsi_remove_session(cls_session);

	kfree(session->password);

	kfree(session->password_in);

	kfree(session->username);

	kfree(session->discovery_parent_type);

	iscsi_free_session(cls_session);

	iscsi_host_dec_session_cnt(shost);

	module_put(owner);

}

EXPORT_SYMBOL_GPL(iscsi_session_free);

/**

 * iscsi_session_teardown - destroy session and cls_session

 * @cls_session: iscsi session

 */

void iscsi_session_teardown(struct iscsi_cls_session *cls_session)

{

	iscsi_session_remove(cls_session);

	iscsi_session_free(cls_session);

}

EXPORT_SYMBOL_GPL(iscsi_session_teardown);

/**